oss-sec mailing list archives
Re: Linux BlueBorne vulnerabilities
From: Ben Seri <ben () armis com>
Date: Fri, 15 Sep 2017 12:40:06 +0000
I agree. And I wish all vendors had such short time frames for releasing patches. Unfortunately this is not the case. On top of this, it was unclear to us whether the linux-distros mailing list would be able to coordinate the kernel patch, so we chose to contact both lists, which required the 7 day embargo period. In any case, we respect the need for a short embargo period, and in this case we disclosed the issues 7 days prior to publication. Ben. On Fri, Sep 15, 2017 at 3:31 PM Solar Designer <solar () openwall com> wrote:
On Fri, Sep 15, 2017 at 12:28:11PM +0000, Ben Seri wrote:Our thought is that since these issues affect multi vendors that areusingLinux, the longer the embargo period, the better chance there is a coordinated patch goes out to as many users as possible once the embargoislifted.Indeed, but it's 2017, not 1997. 14 days is considered a long embargo period now. Unnecessarily long embargoes hurt more than they help. Alexander
Current thread:
- Linux BlueBorne vulnerabilities Armis Security (Sep 13)
- Re: Linux BlueBorne vulnerabilities Petr Matousek (Sep 14)
- Re: Linux BlueBorne vulnerabilities Armis Security (Sep 14)
- Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 14)
- Re: Linux BlueBorne vulnerabilities Ben Seri (Sep 15)
- Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 15)
- Re: Linux BlueBorne vulnerabilities Ben Seri (Sep 15)
- Re: Linux BlueBorne vulnerabilities Solar Designer (Sep 27)
- Re: Linux BlueBorne vulnerabilities Armis Security (Sep 14)
- Re: Linux BlueBorne vulnerabilities Petr Matousek (Sep 14)